Facing Issue on multiple login(Multi tenant)
System has one user in main panel(main domain).
One user in sub panel(sub domain).
In browser I am login with sub domain user in one tab and in another tab Login with main domain user
what happen now every access or route enable for main domain user accessible by subdomain user also.
so some of the permission which is route specific can access subdomain user.
in this system there is no role so I need to apply only and only user specific guard on main domain user.
any idea how to implement user specific guard?
I had try many scenario to implement the user specific guard but not able to achieve.
Related
I'm developing a application with raw PHP. But I have a problem that needs solution. I have two types of user in my application (e.g: Administrator & User).
For administrator, I have following files under "admin" folder,
Admin (Dashboard, Change password, Add User, Profile, User List etc.)
Also for user, I have following files under "account" folder
Account (My account, Change password, Edit Profile etc.)
I want, after login user can't access any files of "admin" folder. Now, after login I check the role first, if use then I redirect him/her to www.example.com/account/my-account.php but, when user hit the following url then he/she can easily access backend functionalities.
www.example.com/admin/dashboard.php, www.example.com/admin/change-password.php, www.example.com/admin/add-user.php, www.example.com/admin/profile.php, www.example.com/admin/user-list.php
Is there any way to close the "admin" folder entrance for user?
TIA
See according to your question you have to assign a role. Though I prefer php frameworks more than a core php but still you could do.
Say you have a form where user and admin shares the same login form for logging purpose.
And you want admin to access all route and restrict few route to the user.
So , the little bit of logic, while you create admin or user you need to assign role as well.
When admin logs in ,according to it, the sql query fetches role and he is routed according to it and same goes with user also.
Set session for user and admin role. And when you enter to target after login the session you have to restrict pages not to acces by user.
lemme explain my problem - i wanna develop e-shop in symfony, but i dont know how to configure firewalls. Normally, i use firewall to restrict access in secured areas, like pages administration, but this time some pages should be accessible without login and in case user logs in, i wanna to get his info on those pages.
I can use two firewalls with different providers, one for admins and another for users. But - how to set security to have accessible user's data on pages, that are not under firewall?
Thank you in advance.
That is not what symfony firewalls are for. Firewalls are for Access Validation. Not View Validation.
You want to check the user (if logged in) in the view and show the data.
If the data changes dependend on the user (e.g. different prices), you'll have to check the user inside the controller.
I'm working on project where users can park their own domain to the main site and then it redirects to user profile. Something like personal site.
masterdomain.com
masterdomain.com/username1
usersdomain.com == masterdomain.com/username1
And basically every user can do such domain redirect and create their site.
In project users can follow, chat, comment and do other things while logged in.
Problem is, that login is related to particular domain name, so if I go to another user or to masterdomain.com I loose session...
Is this even possible to solve and if so, how it could be done? Maybe it's possible to set cookie for IP address?
I have application that let user create their own website. Every user separate using subdomain for example
my application url example.com, my user create their website in url user.example.com
my user having their own domain user.com, and I want to facilitate him change their website url from user.example.com into user.com
How can I achieve this?
Thank you very much..
Well, the way it is usually set up with popular platforms is that people have to set up their own domain and then point that domain per A-Record to your servers IP.
That basically means that everyone who enters the domain name in their browsers will end up on your server.
The next step would require the user to enter their domain name in their profile. You can then check the "incoming" domain and lookup the user for that domain - I dont know how your controllers and routing are set up, but you would then have to route these requests to the users profile page.
HI,
i am writing and designing a website with php.in this site every want can register and admin can go to admin.php for manage the site.but my problem is that every one that type www.example/login/admin.php can access to admin.php.how can i prevent other users that can't access to admin page?
You probably want to look at .htaccess file. Check this link out
You have to do the login page for the admin.php. Only if the people with the correct username and password can see the admin page and do the admin action
How do you define terms like "user" and "admin" and what is the process for creating/registering an account?
Generally, you would associate "users" with "roles" in your database. If a user account is supposed to be an admin, you associate that user record with the admin role. If the user is a standard user, associate them with the standard user role (which may be the default by having no role, though I'm not a big fan of implicit knowledge vs. explicit definitions in software). Users should also be able to have multiple roles, in case you have various classes of "user" and they need to have overlapping privileges.
Then, in the admin section of the site, your code would check if the current logged-in user (however you track that, you didn't specify) is in a given role before rendering the page. If not, then either send the user to another page or display a message, etc.
If every user can access the admin page, then essentially every user is an admin. How do you distinguish one from another in the code or in the data? That's where you need to start.